Switch to generating certs with openssl.

2025-12-14 18:24:24 -05:00
parent f2a505131a
commit 45312dd91f
23 changed files with 476 additions and 324 deletions
--- a/nix/kubernetes/keys/package/k8s-keys/files/ca-config.json
+++ b/nix/kubernetes/keys/package/k8s-keys/files/ca-config.json
@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-      "expiry": "8760h"
-    },
-    "profiles": {
-      "kubernetes": {
-        "usages": ["signing", "key encipherment", "server auth", "client auth"],
-        "expiry": "8760h"
-      }
-    }
-  }
-}
--- a/nix/kubernetes/keys/package/k8s-keys/files/kubernetes-csr.json
+++ b/nix/kubernetes/keys/package/k8s-keys/files/kubernetes-csr.json
@@ -1,16 +0,0 @@
-{
-  "CN": "kubernetes",
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "C": "US",
-      "L": "Portland",
-      "O": "Kubernetes",
-      "OU": "Kubernetes The Hard Way",
-      "ST": "Oregon"
-    }
-  ]
-}
--- a/nix/kubernetes/keys/package/k8s-keys/package.nix
+++ b/nix/kubernetes/keys/package/k8s-keys/package.nix
@@ -6,10 +6,8 @@
 symlinkJoin {
  name = "k8s-keys";
  paths = [
-    k8s.kubernetes
    k8s.ca
-    k8s.service_account
-    k8s.requestheader-client-ca
-    k8s.controller-proxy
-  ];
+  ]
+  ++ (builtins.attrValues k8s.keys)
+  ++ (builtins.attrValues k8s.client-configs);
 }